Netgate Discussion Forum

    FRR ACLs not working after upgrade to 2.7.0 (ospfd also fails unless wiped)

      Gobo42

      I upgraded pfsense to 2.7.0 last night and realized that ospfd was not working. Looking through the logs I found:
      routing.log:

      Aug  1 21:30:53 pfsense watchfrr[64924]: watchfrr 7.5.1 starting: vty@0
      Aug  1 21:30:53 pfsense watchfrr[64924]: zebra state -> up : connect succeeded
      Aug  1 21:30:53 pfsense watchfrr[64924]: staticd state -> up : connect succeeded
      Aug  1 21:30:53 pfsense watchfrr[64924]: ospfd state -> down : initial connection attempt failed
      Aug  1 21:30:53 pfsense watchfrr[64924]: Forked background command [pid 65100]: /usr/local/etc/rc.d/frr restart ospfd
      Aug  1 21:30:53 pfsense watchfrr[64924]: restart ospfd process 65100 exited with non-zero status 1
      Aug  1 21:31:08 pfsense watchfrr[64924]: [EC 268435457] staticd state -> down : read returned EOF
      Aug  1 21:31:08 pfsense watchfrr[64924]: [EC 268435457] zebra state -> down : read returned EOF
      Aug  1 21:31:08 pfsense watchfrr[64924]: Terminating on signal
      

      and in system.log:

      Aug  1 21:29:58 pfsense root[66088]: /usr/local/etc/rc.d/frr: WARNING: failed to start ospfd
      Aug  1 21:30:52 pfsense php-fpm[379]: FRR Package: FRR: Daemon state: zebra: running | staticd: running | ospfd: stopped
      Aug  1 21:30:53 pfsense root[63956]: /usr/local/etc/rc.d/frr: WARNING: failed to start ospfd
      Aug  1 21:30:53 pfsense root[68098]: /usr/local/etc/rc.d/frr: WARNING: failed to start ospfd
      Aug  1 21:31:08 pfsense php-fpm[84679]: FRR Package: FRR: Daemon state: zebra: running | staticd: running | ospfd: stopped
      Aug  1 21:31:08 pfsense root[93815]: /usr/local/etc/rc.d/frr: WARNING: failed to start ospfd
      Aug  1 21:31:09 pfsense root[97519]: /usr/local/etc/rc.d/frr: WARNING: failed to start ospfd
      Aug  1 21:31:40 pfsense php-fpm[379]: FRR Package: FRR: Daemon state: zebra: running | staticd: running | ospfd: stopped
      

      I tried reinstalling FRR and ospfd still failed to start. I ended up wiping the config and ospf started properly with no config, and then I re-added the same config back bit by bit and everything seemed to be working well. However, when I was re-adding my access lists, I tried to save a standard ACL with seq #'s 10, 20, 30, ... and I got an error saying:

      Standard type ACLs must have a numeric name in the range 1-99 or 1300-1999.
      

      The sequence numbers were within 1-99. Please see screenshot:
      pfsense-frr-acl.png

      Can someone help explain if I'm doing something wrong here? Is this a bug?
      Thanks

        jimp Rebel Alliance Developer Netgate

        The Name on your ACL is "test", which isn't valid for a standard ACL; it has to be a number in the given ranges (e.g. 50).

        I can't reproduce any problems with the input in the fields below either, though I suggest you maybe make sure there isn't any leading or trailing whitespace in the fields.

        Make sure the source is a network (e.g. x.x.x.x/yy); without the CIDR mask it's not a "network", so it would fail validation.

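The three checks from the reply above (numeric name in range for a standard ACL, no stray whitespace, source written as a network with a CIDR mask), as an added example that is not part of the thread and not the pfSense FRR package's own validation code. The function name, the type labels and the sample entries are assumptions; the name ranges are the ones quoted in the error message.

```python
import ipaddress

# Name ranges quoted in the GUI error message for standard ACLs.
STANDARD_NAME_RANGES = ((1, 99), (1300, 1999))

def check_acl_entry(acl_type, name, source):
    """Return a list of problems for one ACL entry (hypothetical helper)."""
    problems = []

    # Leading/trailing whitespace is easy to paste in and hard to see.
    for field, value in (("name", name), ("source", source)):
        if value != value.strip():
            problems.append(f"{field}: leading or trailing whitespace")
    name, source = name.strip(), source.strip()

    # Standard ACLs need a numeric name in one of the allowed ranges.
    # Names of other ACL types are not checked in this example.
    if acl_type == "standard":
        in_range = name.isascii() and name.isdigit() and any(
            lo <= int(name) <= hi for lo, hi in STANDARD_NAME_RANGES)
        if not in_range:
            problems.append(
                "name: standard ACL name must be numeric, 1-99 or 1300-1999")

    # The source must be written as a network: address plus CIDR mask.
    # ip_network() alone would accept a bare address as a /32.
    if "/" not in source:
        problems.append("source: missing CIDR mask (expected x.x.x.x/yy)")
    else:
        try:
            ipaddress.ip_network(source, strict=False)
        except ValueError:
            problems.append("source: not a valid network")
    return problems

# Constructed sample entries, not taken from the poster's configuration.
SAMPLES = [
    ("standard", "test", "192.0.2.0/24"),
    ("standard", "50", "192.0.2.0/24"),
    ("standard", "50 ", "192.0.2.0"),
    ("zebra", "Block_Ext", "198.51.100.0/24"),
]

if __name__ == "__main__":
    for entry in SAMPLES:
        print(entry, "->", check_acl_entry(*entry) or "ok")
```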
          Gobo42 @jimp

          @jimp oh. ok, the Name needs to be numeric. I thought it was an issue with the sequence numbers. In my previous config I had a name of "Block_Ext" to prevent my external routes from being distributed internally, so it should be a "Zebra ACL" rather than a "Standard ACL".

          Did you get a chance to look into why an upgrade broke my FRR routing config? I can upload a sanitized routing config if you need.

          thanks.
